Scenario – Brand new Lync install
Two Lync Edge servers with DNS load balancing.
Two Front End servers with an F5 hardware load balancer (HLB) in front of those.
External full clients fail to log in to Lync. Internal Lync clients were working without issue. We concentrated our time on the Lync Edge servers. We looked at the NAT setup, IP addresses and routing on the Edge servers. We then verified the certificates were correct as well. As a final check we checked the live ports on the Edge servers. To do this we performed these steps:
Telnet from Edge1 to the VIP of HLB on ports 443 and 5061 – Passed
Telnet from Edge2 to the VIP of HLB on ports 443 and 5061 – Passed
Telnet from Edge1 to IP of FrontEnd1 on ports 443 and 5061 – Passed
Telnet from Edge2 to IP of FrontEnd1 on ports 443 and 5061 – Passed
Telnet from Edge1 to IP of FrontEnd2 on ports 443 and 5061 – Passed
Telnet from Edge2 to IP of FrontEnd2 on ports 443 and 5061 – Passed
Telnet from FE1 to IP of Edge1 on ports 443 and 5061 – Passed
Telnet from FE1 to IP of Edge2 on ports 443 and 5061 – Passed
Telnet from FE2 to IP of Edge1 on ports 443 and 5061 – 443 Failed, 5061 Passed
Telnet from FE2 to IP of Edge2 on ports 443 and 5061 – 443 Failed, 5061 Passed
What we found was that the telnet to port 443 failed to one of the Edge servers. Upon the conclusion of the test we logged into the Edge server that failed the telnet test and ran a netstat -a. This verified that 443 was not listed. We then checked to see if all the Lync services were running and discovered that three services were not running. We then started the services on the Edge server and verified the ports were open with the netstat -a command.
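The same checks can be scripted so the whole port matrix is tested in one pass. The following PowerShell is an added example, not part of the original post: the server names and IP addresses are placeholders, Test-TcpPort is a hypothetical helper defined in the block, and the last step assumes it is run in the Lync Server Management Shell on the Edge server.

```powershell
# Added example. Names and addresses are placeholders (assumptions), not values from the post.
$targets = @(
    @{ Name = 'Edge1'; Address = '192.0.2.11' },
    @{ Name = 'Edge2'; Address = '192.0.2.12' }
)
$ports = 443, 5061

# Hypothetical helper: TCP connect with a timeout, the scripted equivalent of the telnet test.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        # A timeout usually means filtered or unroutable; a refusal throws in EndConnect.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Run on each Front End: test every Edge address on every port.
$results = foreach ($t in $targets) {
    foreach ($p in $ports) {
        New-Object PSObject -Property @{
            Target  = $t.Name
            Address = $t.Address
            Port    = $p
            Open    = Test-TcpPort -Address $t.Address -Port $p
        }
    }
}
$results | Format-Table Target, Address, Port, Open -AutoSize

# 2. Run on the Edge server that failed: is anything listening on the port?
foreach ($p in $ports) {
    $pattern   = ':{0}\s+\S+\s+LISTENING' -f $p
    $listening = @(netstat -ano | Select-String -Pattern $pattern)
    Write-Output ("Port {0}: {1} listener(s)" -f $p, $listening.Count)
}

# 3. Still on the Edge server: list Lync services that are not running.
Get-CsWindowsService | Where-Object { $_.Status -ne 'Running' }
```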
So the lesson learned here is that there are many things to check when troubleshooting connection issues. Make sure to check the basics before turning to SIP Tracing.